Protecting the
Privacy of Student Records, Section 4 summary
Section 4:
Securing the Privacy of
Data Maintained
and Used within an Agency
Section Summary:
A. Management Responsibilities
An official designated as the records manager
should be responsible for keeping individual records safe and intact from
accidents, unauthorized access, theft, changes, or unintentional release.
B. Defining "Legitimate Educational
Interests"
It is more practical to establish criteria
for determining broad categories of positions than to list exactly who
or what individual positions are considered "school officials."
While agencies or schools may establish a
policy to determine what constitutes "legitimate educational interest,"
the decision also may be made case-by-case.
If you have any questions about whether a
requestor has a legitimate educational interest, ask the records manager
not to disclose the information without prior approval from the parents
or other appropriate officials.
C. Training Agency Staff
All staff should be trained in information
security as soon as they are hired. You should inform staff of what is
considered appropriate and inappropriate access to data and use of the
information within the records.
D. Professional Ethical Standards
Existing professional standards are invaluable
resources to support policymaking and training.
E. Research Use within an
Agency
It is important to determine each time whether
the staff assigned to conduct the research are trained and authorized to
access the data. An alternative approach is to sidestep the question of
security by creating a research file deleting the students' identifying
information.
